Securing Spring Web Services: Chapter 6

Creating Client Classes

1.   Create a class BookStoreClient in com.bookstore.client package. This client class uses spring’s WebServiceTemplate to access BookStore’s web services. This client also sets the soap action header on the soap message by implementing WebServiceMessageCallback interface. For each type of bookstore’s web service requests (add, get, delete) appropriate soap action is set by the client. This allows correct mapping of endpoint methods with the soap action at the server side.

package com.bookstore.client;


import javax.xml.transform.TransformerException;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.bookstore.schema.AddBookRequest;
import com.bookstore.schema.AddBookResponse;
import com.bookstore.schema.Book;
import com.bookstore.schema.DeleteBookRequest;
import com.bookstore.schema.DeleteBookResponse;
import com.bookstore.schema.GetBookRequest;
import com.bookstore.schema.GetBookResponse;
import com.bookstore.schema.ObjectFactory;

public class BookStoreClient implements WebServiceMessageCallback {
    private WebServiceTemplate webServiceTemplate;
       private ObjectFactory factory = new ObjectFactory();
       private String action;

    public void doWithMessage(final WebServiceMessage message)
            throws IOException, TransformerException {
        if (message instanceof SoapMessage) {
            SoapMessage soapMessage = (SoapMessage) message;

       public String add(Book book) {
           action = "Add";
              AddBookRequest addRequest = factory.createAddBookRequest();
              AddBookResponse response = (AddBookResponse) webServiceTemplate.marshalSendAndReceive(addRequest, this);
              return response.getMessage();

       public Book get(String name) {
           action = "Get";
              GetBookRequest getRequest = factory.createGetBookRequest();
              GetBookResponse getResponse = (GetBookResponse) webServiceTemplate.marshalSendAndReceive(getRequest, this);
              return getResponse.getBook();

       public String delete(String name) {
           action = "Delete";
              DeleteBookRequest request = factory.createDeleteBookRequest();
              DeleteBookResponse response = (DeleteBookResponse) webServiceTemplate.marshalSendAndReceive(request, this);
              return response.getMessage();

2. Configure WebServiceTemplate in applicationContext.xml which will be injected into BookStoreClient. It is in this WebServiceTemplate Wss4jSecurityInterceptor is set.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""
       xsi:schemaLocation="     ">
    <context:annotation-config />
    <context:component-scan base-package="com.bookstore.client" />

       <bean name="webserviceTemplate" class="">
              <property name="defaultUri" value="http://localhost:8080/bookstore-web-service/services" />
              <property name="marshaller" ref="marshaller" />
              <property name="unmarshaller" ref="unmarshaller" />
              <property name="interceptors">
                           <ref local="wsClientSecurityInterceptor" />

       <oxm:jaxb2-marshaller id="marshaller" contextPath="com.bookstore.schema" />
       <oxm:jaxb2-marshaller id="unmarshaller" contextPath="com.bookstore.schema" />

       <bean id="wsClientSecurityInterceptor" class="">
              <!-- configuration to encrypt outgoing request -->
              <property name="securementActions" value="Encrypt" />
              <property name="securementEncryptionUser" value="bookstore-server-import" />
              <property name="securementEncryptionCrypto">
                     <ref bean="keystore" />

              <!-- configuration to decrypt incoming response -->
              <property name="validationActions" value="Encrypt" />
              <property name="validationDecryptionCrypto">
                     <ref bean="keystore" />
              <property name="validationCallbackHandler">
                     <bean class="">
                           <property name="privateKeyPassword" value="client12345" />

       <bean id="keystore" class="">
              <property name="keyStorePassword" value="client12345" />
              <property name="keyStoreLocation" value="classpath:/bookstore-client-keystore.jks" />

3.       In, using BookStoreClient access book store’s web services.

package com.bookstore.client;

import org.springframework.context.ApplicationContext;

import com.bookstore.schema.Book;

public class App {
    public static void main(String[] args) {
        ApplicationContext appContext = new ClassPathXmlApplicationContext("applicationContext.xml");
        BookStoreClient bookStoreClient = (BookStoreClient) appContext.getBean("bookStoreClient");

        String responseMessage = null;       
        Book book = createBook();

        responseMessage = bookStoreClient.add(book);
        System.out.println("Add Request: " + responseMessage);

        book = bookStoreClient.get("Spring Web Service");
        System.out.println("Get Request: [Name=" + book.getName() + ", Author=" + book.getAuthor()
                + ", price=" + book.getPrice() + "]");
        responseMessage = bookStoreClient.delete("Spring Web Service");
        System.out.println("Delete Request: " + responseMessage);

    private static Book createBook() {
        Book book = new Book();
        book.setName("Spring Web Service");
        return book;

4.    Now we need to add spring ws core and spring ws security dependencies in pom.xml. In next chapter we will learn how to add these dependencies in pom.xml.

No comments :

Post a Comment